|
220001
|
3.7 |
LOW
Network
|
ibm
|
cognos_controller
|
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information usi…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2019-4171
|
2024-11-21 13:43 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220002
|
6.1 |
MEDIUM
Network
|
ibm
|
application_performance_management
|
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker c…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-4086
|
2024-11-21 13:43 |
2019-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220003
|
7.2 |
HIGH
Network
|
ibm
|
sterling_file_gateway
|
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or…
|
CWE-89
SQL Injection
|
CVE-2019-4147
|
2024-11-21 13:43 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220004
|
7.5 |
HIGH
Network
|
ibm
|
intelligent_operations_center
intelligent_operations_center_for_emergency_management
water_operations_for_waternamics
|
IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not re…
|
CWE-521
Weak Password Requirements
|
CVE-2019-4321
|
2024-11-21 13:43 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220005
|
6.1 |
MEDIUM
Network
|
ibm
|
jazz_for_service_management
|
IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4186
|
2024-11-21 13:43 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220006
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V…
|
CWE-79
Cross-site Scripting
|
CVE-2019-4149
|
2024-11-21 13:43 |
2019-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220007
|
6.3 |
MEDIUM
Local
|
ibm
|
i
|
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect proc…
|
CWE-269
Improper Privilege Management
|
CVE-2019-4536
|
2024-11-21 13:43 |
2019-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220008
|
5.2 |
MEDIUM
Local
|
ibm
|
cloud_automation_manager
|
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Force ID: 158278.
|
NVD-CWE-noinfo
|
CVE-2019-4133
|
2024-11-21 13:43 |
2019-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220009
|
3.3 |
LOW
Local
|
ibm
|
cloud_automation_manager
|
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message. IBM X-Force ID: 158274.
|
NVD-CWE-noinfo
|
CVE-2019-4132
|
2024-11-21 13:43 |
2019-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220010
|
8.2 |
HIGH
Network
|
ibm
|
security_access_manager_for_enterprise_single_sign-on
|
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabi…
|
CWE-611
XXE
|
CVE-2019-4513
|
2024-11-21 13:43 |
2019-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
